Intrusion detection s/w
Matthew Carpenter
matt
Mon Feb 21 14:06:24 PST 2005
Aide and Tripwire are great tools, but there is much more to IDS than
them. They simply give you a way to verify with a little confidence
whether files have been tampered with.
Snort IDS is another tool which helps identify bad stuff going on even
before your machine is whacked. If you're interested, that is.
Snort is the IDS engine.
Oinkmaster is the tool I use to auto-update my signatures.
There are several reporting methods. I typically will just write to
files and use logdigest to grab pertinent information, although there
are many better methods.
Alan Jackson wrote:
| I've decided that even though I have almost all the ports on my router closed,
| I should install some intrusion detection s/w. I used to run tripwire, back in
| Caldera days, but I see that there is a "replacement" (Aide) available. This is
| just for a home system running gentoo. Recommendations?
|
--
Matthew Carpenter
matt at eisgr.com http://www.eisgr.com/
Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business